Cyber Risk Is a Top Concern, 84% Tell DTCC

DTCC released its recent "Systemic Risk Barometer" survey showing that cyber risk is among the global financial industry's top five concerns, along with the impact of new regulations.

DTCC released the results of a systemic risk survey today, finding that 84% of respondents identify cyber risk as one of their top five concerns, an increase of 25 points from the previous survey taken in March.

Previously, 59% of respondents indicated that cyber risk was a top systemic risk to the broader economy.

The latest "Systemic Risk Barometer" was completed in the third quarter of 2014 with 202 respondents, including DTCC clients and a broad range of global participants from the financial services industry.

In the wake of a huge cyber attack on JP Morgan this summer with attempts to break into about a dozen other financial firms, including Fidelity and E*Trade, reportedly by Russian hackers, the survey reflects the industry's rising concern and changing sentiment toward cyber risk.

Cyber Risk Is Widely Cited Top Concern

Cyber risk, geopolitical risk, and impact of new regulations were the top concerns identified by financial industry respondents in DTCC's most recent "Systemic Risk Barometer" survey.

In general, 37% of respondents felt the probability of a high-impact event in the global financial system has increased during the past six months -- up from 21% in March 2014.

By comparison, 64% cited the impact of new regulations as a top concern, while 62% singled out geopolitical risk. The risk of a sudden dislocation in financial markets worried 43% of respondents, up from 39% in March. Yet respondents seem less worried about disruption coming from a key market participant, 32% citing this as a concern, a decrease from 45% in March.

Among the key findings of the DTCC survey are:

Respondents cited cyber risk (33%), geopolitical risk (19%), and impact of new regulations (18%) as the top risks to the broader economy. A combined 70% of respondents indicated one of these risks was their top concern.

Sixty-four percent of respondents cite the impact of new regulations as a top concern that could impact the broader economy.

In line with these results, DTCC noted that 76% of all respondents indicated they have increased the amount of resources allocated to identifying, monitoring, and mitigating systemic risks over the past year.

In terms of acquiring the capability to identify, monitor, and mitigate current and emerging systems risks, more than two-thirds (67%) of respondents described their efforts as in the developing stage, 29% are mature, while 4% are in a nascent stage. These results were similar to the March 2014 study, notes DTCC.

Systemic Risk Capabilities Are a Work in Progress

Over two-thirds of respondents described their ability to address cyber risks as in the developing stage. These results are similar to the March 2014 survey, says DTCC.

DTCC also released a comprehensive whitepaper, "Cyber Risk – A Global Systemic Threat," which identifies the need for increased information sharing and closer collaboration between the public and private sectors as among the strongest defenses to combat cybercrimes. The paper provides an overview of public-private partnership initiatives undertaken to safeguard critical infrastructure, protect national security, and ensure data privacy. The paper finds that despite progress in this area in recent years, information sharing remains insufficiently coordinated.

“Building information partnerships among key stakeholders is critical to developing the most comprehensive and effective tools for promoting cyber-security across the financial system and in our critical infrastructures,” said Michael Leibrock, DTCC chief systemic risk officer, in the press release. “The best way to achieve these alliances is through a truly coordinated and open approach across industries and national borders. With concerns about the potential wide-spread impact of cyber-threats growing rapidly given the recent high-profile cyber attacks, our white paper provides a solid platform for greater discussion around this very real risk.”

In the whitepaper, DTCC calls for the creation of global industry working groups to work with relevant national regulators on the development of cyber security regulations that address the real-time and evolving nature of cyberthreats. It also calls for additional efforts from policy makers to clarify boundaries when it comes to large-scale cyber attacks against the financial services sector and other private sectors. “In the age of increasing APT attacks from nation-state actors with much greater resources than their targets, private sector institutions cannot be expected to independently respond to or recover from all levels of cyber attack,” according to the paper.

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology. Ivy is responsible for writing in-depth feature articles, daily blogs and news articles with a focus on automated trading in the capital markets. As an industry expert, Ivy has reported on a myriad ... View Full Bio